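Setting up an NTP server on ROCKY9.4
Date: 2024.11.23
Content: Set up an NTP (Network Time Protocol) service that provides time synchronization for the other hosts in the lab environment
References:
- VBird's Linux guide (鸟哥Linux私房菜)
- Magedu (马哥教育) course by instructor Wang
- Qianfeng Education (千锋教育) RHCE course
Take a look at the chrony package description: an NTP server/client, a versatile implementation.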
[root@ROCKY9 ~]# dnf info chrony
Last metadata expiration check: 1:30:39 ago on Fri 22 Nov 2024 10:49:31 PM CST.
Available Packages
Name : chrony
Version : 4.5
Release : 3.el9
Architecture : x86_64
Size : 334 k
Source : chrony-4.5-3.el9.src.rpm
Repository : baseos
Summary : An NTP client/server
URL : https://chrony-project.org
License : GPLv2
Description : chrony is a versatile implementation of the Network Time Protocol (NTP).
: It can synchronise the system clock with NTP servers, reference clocks
: (e.g. GPS receiver), and manual input using wristwatch and keyboard. It
: can also operate as an NTPv4 (RFC 5905) server and peer to provide a time
: service to other computers in the network.
Some hosts in the environment already have it installed, others do not.
[root@RHEL9 ~]# ansible all -a 'rpm -q chrony'
rhel9 | CHANGED | rc=0 >>
chrony-4.5-1.el9.x86_64
rocky9 | FAILED | rc=1 >>
package chrony is not installednon-zero return code
rhel8 | FAILED | rc=1 >>
package chrony is not installednon-zero return code
centos7 | CHANGED | rc=0 >>
chrony-3.4-1.el7.x86_64
Install chrony on rocky9 and list its configuration files.
[root@ROCKY9 ~]# rpm -q chrony || yum install -y chrony
[root@ROCKY9 ~]# rpm -qc chrony
/etc/chrony.conf
/etc/chrony.keys
/etc/logrotate.d/chrony
/etc/sysconfig/chronyd
Back up the configuration file and edit it.
[root@ROCKY9 ~]# cp /etc/chrony.conf{,.bak}
[root@ROCKY9 ~]# ls /etc/chrony.conf*
/etc/chrony.conf /etc/chrony.conf.bak
[root@ROCKY9 ~]# vim /etc/chrony.conf
Replace the server pool with the one from http://www.ntp.org.cn/
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
#pool 2.rocky.pool.ntp.org iburst
pool cn.ntp.org.cn iburst
Add an allowlist of permitted clients.
# Allow NTP client access from local network.
#allow 192.168.0.0/16
allow 192.168.5.253
allow 192.168.5.254
allow 10.31.0.0/24
allow 172.31.0.0/24
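chronyd serves only clients covered by these allow entries, so it helps to check a client address against them before rolling the configuration out. The script below is an added example, not part of the original post: it evaluates only full "allow a.b.c.d[/prefix]" lines (no deny rules, "allow all", IPv6 or hostnames), and the function names, the sample file and the 203.0.113.7 address are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): does chrony.conf allow this IPv4 client?
# Assumption: only "allow a.b.c.d[/prefix]" lines are evaluated; deny rules, "allow all",
# IPv6, hostnames and abbreviated subnets are skipped.

# Print a dotted quad as a 32-bit integer; return 1 on malformed input.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac      # no leading zeros (octal ambiguity)
        [ "$o" -le 255 ] || return 1
    done
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# chrony_allows CONF IP: 0 = covered by an allow line, 1 = not covered, 2 = bad IP.
chrony_allows() {
    client=$(ip_to_int "$2") || return 2
    while read -r directive subnet _rest || [ -n "$directive" ]; do
        [ "$directive" = "allow" ] || continue  # also skips commented "#allow" lines
        prefix=32                               # a bare address means a single host
        case "$subnet" in */*) prefix=${subnet#*/}; subnet=${subnet%/*} ;; esac
        case "$prefix" in ''|*[!0-9]*) continue ;; esac
        [ "$prefix" -le 32 ] || continue
        net=$(ip_to_int "$subnet") || continue  # form not handled here
        div=$(( 1 << (32 - prefix) ))           # number of addresses in the subnet
        if [ $(( client / div )) -eq $(( net / div )) ]; then return 0; fi
    done < "$1"
    return 1
}

# Constructed sample mirroring the allow lines on this page.
sample_conf=$(mktemp); trap 'rm -f "$sample_conf"' EXIT
cat > "$sample_conf" <<'EOF'
#allow 192.168.0.0/16
allow 192.168.5.253
allow 192.168.5.254
allow 10.31.0.0/24
allow 172.31.0.0/24
EOF
# 203.0.113.7 is a constructed address outside every allow entry.
for ip in 10.31.0.12 192.168.5.253 192.168.5.10 203.0.113.7; do
    if chrony_allows "$sample_conf" "$ip"; then echo "$ip: allowed"
    else echo "$ip: not in allowlist"; fi
done
```

Against the live configuration the call is chrony_allows /etc/chrony.conf followed by the client address.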
Start the service.
[root@ROCKY9 ~]# systemctl start chronyd
[root@ROCKY9 ~]# systemctl status chronyd.service
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; preset: enabled)
Active: active (running) since Sat 2024-11-23 01:15:09 CST; 2s ago
Docs: man:chronyd(8)
man:chrony.conf(5)
Process: 9689 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 9691 (chronyd)
Tasks: 1 (limit: 5885)
Memory: 996.0K
CPU: 31ms
CGroup: /system.slice/chronyd.service
└─9691 /usr/sbin/chronyd -F 2
Nov 23 01:15:09 ROCKY9 systemd[1]: Starting NTP client/server...
Nov 23 01:15:09 ROCKY9 chronyd[9691]: chronyd version 4.5 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCD>
Nov 23 01:15:09 ROCKY9 chronyd[9691]: Loaded 0 symmetric keys
Nov 23 01:15:09 ROCKY9 chronyd[9691]: Using right/UTC timezone to obtain leap second data
Nov 23 01:15:09 ROCKY9 chronyd[9691]: Loaded seccomp filter (level 2)
Nov 23 01:15:09 ROCKY9 systemd[1]: Started NTP client/server.
First confirm that the connection to the internet NTP sources works.
[root@ROCKY9 ~]# chronyc sources
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^- 106.75.185.63 3 6 77 23 -8663us[-6729us] +/- 102ms
^+ time4.aliyun.com 2 6 237 17 -1999us[-1999us] +/- 18ms
^+ 114.67.237.130 11 6 77 23 +1133us[+3064us] +/- 25ms
^* 120.25.115.20 2 6 77 22 -506us[+1433us] +/- 18ms
The source marked with * is the best server (the one chronyd is currently synchronized to).
[root@ROCKY9 ~]# chronyc tracking
Reference ID : 78197314 (120.25.115.20)
Stratum : 3
Ref time (UTC) : Fri Nov 22 17:32:29 2024
System time : 0.000432213 seconds slow of NTP time
Last offset : -0.000182381 seconds
RMS offset : 0.000880451 seconds
Frequency : 1.259 ppm fast
Residual freq : -0.084 ppm
Skew : 1.924 ppm
Root delay : 0.032529332 seconds
Root dispersion : 0.001435169 seconds
Update interval : 64.9 seconds
Leap status : Normal
Check whether firewalld has a predefined ntp service.
[root@ROCKY9 ~]# firewall-cmd --get-services | grep -o ntp
ntp
Change the firewall configuration to allow the ntp service through.
[root@ROCKY9 ~]# firewall-cmd --permanent --add-service=ntp
success
[root@ROCKY9 ~]# firewall-cmd --reload
success
[root@ROCKY9 ~]# firewall-cmd --list-services
dhcp ntp ssh
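Configure the remaining hosts in the environment to use the NTP service provided by rocky9 (10.31.0.1), driving it with Ansible from rhel9. This was a task on the RHCE exam I took in August 2024.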
[root@RHEL9 ~]# dnf install rhel-system-roles -y
[root@RHEL9 ~]# cp /usr/share/doc/rhel-system-roles/timesync/example-single-pool-playbook.yml ./ntpclient.yml
[root@RHEL9 ~]# vim ntpclient.yml
[root@RHEL9 ~]# cat ntpclient.yml
---
- name: NTP with single pool
  hosts: all:!rocky9
  vars:
    timesync_ntp_servers:
      - hostname: 10.31.0.1
        iburst: true
  roles:
    - rhel-system-roles.timesync
Test it. Be careful not to configure the NTP server itself as well: the playbook must not run against rocky9.
[root@RHEL9 ~]# ansible-playbook --syntax-check ntpclient.yml
playbook: ntpclient.yml
[root@RHEL9 ~]# ansible-playbook -C ntpclient.yml
PLAY [NTP with single pool] *******************************************************************************************************
TASK [Gathering Facts] ************************************************************************************************************
ok: [centos7]
ok: [rhel9]
ok: [rhel8]
TASK [rhel-system-roles.timesync : Set version specific variables] ****************************************************************
included: /usr/share/ansible/roles/rhel-system-roles.timesync/tasks/set_vars.yml for rhel9, rhel8, centos7
......
Run result:
[root@RHEL9 ~]# ansible-playbook ntpclient.yml
PLAY [NTP with single pool] *******************************************************************************************************
TASK [Gathering Facts] ************************************************************************************************************
ok: [rhel9]
ok: [rhel8]
ok: [centos7]
......
PLAY RECAP ************************************************************************************************************************
centos7 : ok=20 changed=2 unreachable=0 failed=0 skipped=27 rescued=0 ignored=0
rhel8 : ok=20 changed=6 unreachable=0 failed=0 skipped=27 rescued=0 ignored=0
rhel9 : ok=20 changed=4 unreachable=0 failed=0 skipped=27 rescued=0 ignored=0
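Recheck the results. centos7 is on the 58.218.XX.X2 network, which is not in the allowlist of clients permitted to use the NTP service provided by rocky9, so its connection fails; the rest succeed. I plan to fix the centos7 problem later by adding a routing table entry.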
[root@RHEL9 ~]# ansible all -a 'chronyc sources'
rhel9 | CHANGED | rc=0 >>
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.31.0.1 3 6 37 56 -359ns[ -11us] +/- 18ms
rhel8 | CHANGED | rc=0 >>
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.31.0.1 3 6 37 56 +2ns[ +99us] +/- 18ms
rocky9 | CHANGED | rc=0 >>
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^- 106.75.185.63 4 9 377 191 -8041us[-8041us] +/- 447ms
^+ time4.aliyun.com 2 9 377 50 -1253us[-1253us] +/- 18ms
^+ 114.67.237.130 11 9 377 180 +1234us[+1234us] +/- 89ms
^* 120.25.115.20 2 10 357 262 -1006us[ -705us] +/- 18ms
centos7 | CHANGED | rc=0 >>
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? 10.31.0.1 0 7 0 - +0ns[ +0ns] +/- 0ns
[root@RHEL9 ~]# ansible all -a 'chronyc tracking'
rhel9 | CHANGED | rc=0 >>
Reference ID : 0A1F0001 (10.31.0.1)
Stratum : 4
Ref time (UTC) : Fri Nov 22 18:45:46 2024
System time : 0.000001133 seconds fast of NTP time
Last offset : +0.000001144 seconds
RMS offset : 0.000010267 seconds
Frequency : 1.218 ppm fast
Residual freq : +0.001 ppm
Skew : 0.049 ppm
Root delay : 0.033513460 seconds
Root dispersion : 0.001690662 seconds
Update interval : 64.2 seconds
Leap status : Normal
rocky9 | CHANGED | rc=0 >>
Reference ID : 78197314 (120.25.115.20)
Stratum : 3
Ref time (UTC) : Fri Nov 22 18:41:17 2024
System time : 0.000369571 seconds fast of NTP time
Last offset : +0.000300962 seconds
RMS offset : 0.000600089 seconds
Frequency : 1.344 ppm fast
Residual freq : -0.004 ppm
Skew : 0.283 ppm
Root delay : 0.033190452 seconds
Root dispersion : 0.001702290 seconds
Update interval : 513.5 seconds
Leap status : Normal
rhel8 | CHANGED | rc=0 >>
Reference ID : 0A1F0001 (10.31.0.1)
Stratum : 4
Ref time (UTC) : Fri Nov 22 18:45:47 2024
System time : 0.000000031 seconds fast of NTP time
Last offset : -0.000030026 seconds
RMS offset : 0.000094602 seconds
Frequency : 1.214 ppm fast
Residual freq : -0.064 ppm
Skew : 0.602 ppm
Root delay : 0.033404235 seconds
Root dispersion : 0.001671954 seconds
Update interval : 64.0 seconds
Leap status : Normal
centos7 | CHANGED | rc=0 >>
Reference ID : 00000000 ()
Stratum : 0
Ref time (UTC) : Thu Jan 01 00:00:00 1970
System time : 0.000000001 seconds fast of NTP time
Last offset : +0.000000000 seconds
RMS offset : 0.000000000 seconds
Frequency : 22.238 ppm fast
Residual freq : +0.000 ppm
Skew : 0.000 ppm
Root delay : 1.000000000 seconds
Root dispersion : 1.000000000 seconds
Update interval : 0.0 seconds
Leap status : Not synchronised
Automate the NTP configuration with a script.
[root@centos7 ~]# cat rocky9ntp.sh
#!/bin/bash
#rocky9ntp.sh
#Date: 2024-11-23
ntpserver='pool cn.ntp.org.cn'
ntpclient=("192.168.5.253" "192.168.5.254" "10.31.0.0/24" "172.31.0.0/24")
ntpfile='/etc/chrony.conf'
# Install the NTP service
rpm -q chrony || yum install -y chrony
# Change the NTP server address (sed keeps the previous file as chrony.conf.bak)
sed -Ei.bak "s/^[[:alpha:]]+ [[:alnum:]]+\.[[:alnum:]]+\.[[:alnum:]]\.?.*( iburst)$/${ntpserver}\1/" "${ntpfile}"
# Set the NTP client allowlist; skip entries already present so a re-run does not duplicate them
for client in "${ntpclient[@]}" ; do
    grep -qxF "allow ${client}" "${ntpfile}" || echo "allow ${client}" >> "${ntpfile}"
done
# Restart the service
systemctl restart chronyd.service
systemctl enable chronyd.service
# Configure the firewall
firewall-cmd --permanent --add-service=ntp
firewall-cmd --reload
